-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinstall
executable file
·99 lines (77 loc) · 2.86 KB
/
install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
#!/usr/bin/env bash
# Install ClamAV and linux-malware-detect (aka maldet).
#
# Includes check that both maldet and clamscan are functioning correctly,
# and that they return trustworthy exit codes.
#
# Script tested only on debian:buster Docker image so far.
set -euo pipefail
# MALDET_VERSION and MALDET_SHA256SUM should always be updated together!
MALDET_VERSION=1.6.4
MALDET_SHA256SUM=3ad66eebd443d32dd6c811dcf2d264b78678c75ed1d40c15434180d4453e60d2
# MALDET_URL is the url to download the maldet source tarball from.
MALDET_URL=https://github.com/rfxn/linux-malware-detect/archive/$MALDET_VERSION.tar.gz
# MALDET_LOCAL_DIR is the dir to extract the maldet tarball to.
MALDET_LOCAL_DIR=maldet-$MALDET_VERSION
# MALDET_LOCAL_ARCHIVE is the name of the tarball file we download to.
MALDET_LOCAL_ARCHIVE=$MALDET_LOCAL_DIR.tar.gz
apt-get update -q
# wget is required by maldet, not just this script.
apt-get install -q -y ca-certificates wget
echo "==> Installing ClamAV"
apt-get install -y clamav
echo "==> Updating ClamAV database"
freshclam
echo "==> Installing maldet v$MALDET_VERSION"
wget -O $MALDET_LOCAL_ARCHIVE $MALDET_URL
echo "==> Checking maldet sha256sum"
sha256sum -c - <<< "$MALDET_SHA256SUM $MALDET_LOCAL_ARCHIVE"
echo "==> Extracting maldet"
mkdir -p $MALDET_LOCAL_DIR
# We assume the tarball contains an inner directory containing the source,
# hence --strip-components=1 to remove that outer dir.
tar -xzvf $MALDET_LOCAL_ARCHIVE --strip-components=1 -C $MALDET_LOCAL_DIR
echo "==> Installing maldet"
(
set -euo pipefail
cd $MALDET_LOCAL_DIR
./install.sh
)
# Do not ignore files owned by root.
echo 'scan_ignore_root="0"' >> /usr/local/maldetect/conf.maldet
echo "==> Updating maldet signatures"
# Update sigs.
maldet -u
# Setup test data.
GOOD_DIR=/av-test/good
BAD_DIR=/av-test/bad
mkdir -p $GOOD_DIR $BAD_DIR
echo "This file is free of malware, I hope!" > $GOOD_DIR/goodfile.txt
# EICAR_TEST_FILE was downloaded from https://secure.eicar.org/eicar.com.txt 2020-05-01.
EICAR_TEST_FILE='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
echo "$EICAR_TEST_FILE" > $BAD_DIR/badfile.txt
# Check exit codes behaving as expected.
echo "==> Testing clamscan..."
clamscan $GOOD_DIR > clamav.log 2>&1 || {
echo "==> ERROR: ClamAV exited non-zero scanning known malware-free file, log:"
cat clamav.log
exit 1
}
clamscan $BAD_DIR > clamav.log 2>&1 && {
echo "==> ERROR: ClamAV exited zero scanning the malware test file, log:"
cat clamav.log
exit 1
}
echo "==> OK: clamscan is functioning correctly."
echo "==> Testing maldet..."
maldet -a $GOOD_DIR > maldet.log 2>&1 || {
echo "==> ERROR: maldet exited non-zero scanning known-malware-free file, log:"
cat maldet.log
exit 1
}
maldet -a $BAD_DIR > maldet.log 2>&1 && {
echo "==> ERROR: maldet exited zero scanning the malware test file, log:"
cat maldet.log
exit 1
}
echo "==> OK: maldet is functioning correctly."